- Trending
- Comments
- Latest
The UXLINK hack has entered a new phase after the attacker began converting stolen assets into stablecoins, according to on-chain data. Nearly 48 hours after the exploit, the malicious actor swapped 1,620 ETH into DAI, valued at roughly $6.8 million at the time of the transaction.
This marks the first large-scale attempt to cash out proceeds from the UXLINK exploit. Security trackers report the attacker has engaged in extensive fund shuffling across multiple wallets, using both decentralized finance (DeFi) protocols and centralized exchanges to obscure the money trail.
“The attacker is clearly in the laundering phase,” — blockchain investigator Alex Barnes, ChainArgos, told reporters. “By splitting funds across exchanges and stablecoins, they reduce traceability, though recovery efforts are ongoing.”
In an unusual twist, the UXLINK hack took an ironic turn when the perpetrator themselves fell victim to a phishing scam. Researchers revealed that the hacker inadvertently approved a malicious contract linked to the Inferno Drainer group. This error resulted in the loss of 542 million UXLINK tokens, worth about $43 million at the time, to another malicious actor.
Despite the setback, the attacker still controls millions in stolen assets, with recent conversions suggesting a strategy of gradual liquidation rather than rapid offloading.
The attack on UXLINK began on September 22, continuing for several hours into the following day. The exploit stemmed from a delegate call vulnerability in the project’s multi-signature wallet. This flaw allowed the attacker to gain administrator-level control, enabling unauthorized transfers and the ability to mint counterfeit tokens.
Within hours, the attacker minted nearly 10 trillion CRUXLINK tokens on the Arbitrum blockchain and converted a portion into ETH, USDC, and other liquid assets. The rapid liquidation caused UXLINK’s native token to collapse by more than 70%, devastating investor confidence.
UXLINK’s team immediately alerted major exchanges, requesting freezes on suspicious transactions. They also engaged blockchain security firms to trace stolen funds. Despite these emergency steps, much of the damage was irreversible.
“Multisig wallets are supposed to be secure, but a poorly coded delegate call can undermine the entire structure,” — John Tan, security researcher at SlowMist, explained. “This is another lesson in why audits must go beyond surface-level checks.”
In the aftermath of the UXLINK hack, the protocol deployed emergency measures to restore trust. A new smart contract was launched with a capped token supply and tighter multisig wallet controls. The contract was audited to prevent similar vulnerabilities, focusing on contract interactions and governance safeguards.
Additionally, the project initiated a token migration, moving users to the newly secured contract while attempting to isolate compromised assets. UXLINK has also pledged to provide updates on recovery attempts and negotiations with exchanges.
However, the attacker’s ongoing asset movements complicate recovery. Analysts warn that as more funds are converted into stablecoins or funneled through mixers, the chances of clawing back losses shrink.
The UXLINK hack highlights persistent risks in the decentralized finance ecosystem. With more than $7 billion stolen from DeFi protocols since 2021, according to Chainalysis, the industry continues to grapple with vulnerabilities in wallet design, smart contracts, and governance models.
For investors, the incident reinforces the importance of caution when engaging with new protocols, especially those managing large pools of liquidity without rigorous security frameworks.
“The fact that even hackers are falling victim to phishing shows how dangerous this ecosystem can be,” — Tan added. “No one is safe if basic precautions are ignored.”
While UXLINK’s technical team works to reinforce infrastructure, the project faces the challenge of rebuilding user confidence. Market analysts expect volatility in the protocol’s token price as liquidity gradually returns, but reputational damage may persist longer.
The attacker’s recent shift to DAI suggests that more laundering efforts will follow, potentially through cross-chain bridges and lesser-known exchanges. Authorities and forensic firms are monitoring movements closely, though successful recovery remains uncertain.
Ultimately, the UXLINK hack serves as a case study in both the vulnerabilities of DeFi and the evolving sophistication of attackers. It underscores the urgent need for stronger security practices, cross-exchange collaboration, and investor due diligence in the fast-growing digital asset space.
